//package com.angel.bo.auth.client.config.security;
//
//import com.angel.bo.admin.config.security.handler.JsonAccessDenieHandler;
//import com.angel.bo.admin.config.security.handler.LoginFaildEnventHandler;
//import com.angel.bo.admin.config.security.handler.LoginSuccessEnventHandler;
//import com.angel.bo.admin.config.security.jwt.DefaultJwtTokenUtil;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//
///**
// * @author zhangwei
// * spring security 核心配置
// */
//@Configuration
//@EnableWebSecurity
////这里一定要打开prePostEnabled,不然controller注解里的权限控制不会生效
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//
//    @Autowired
//    private UserDetailsServiceImpl userDetailsService;
//    @Autowired
//    private DefaultJwtTokenUtil jwtTokenUtil;
//    @Autowired
//    private LoginSuccessEnventHandler loginSuccessEnventHandler;
//    @Autowired
//    private LoginFaildEnventHandler loginFaildEnventHandler;
//    @Autowired
//    private JsonAccessDenieHandler jsonAccessDenieHandler;
//    @Autowired
//    private GoAuthenticationEntryPoint goAuthenticationEntryPoint;
//
//    @Autowired
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.userDetailsService(userDetailsService).passwordEncoder(getBCryptPasswordEncoder());
//    }
//
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http
//                //所有请求都被认证
//                .authorizeRequests()
//                //对swagger的相关请求放行
//                .antMatchers("/swagger-ui.html","/favicon.ico","/webjars/springfox-swagger-ui/**","/swagger-resources/**","/v2/api-docs/**")
//                .permitAll()
//                .antMatchers("/**")
//                .authenticated()
//                .and()
//                .exceptionHandling()
//                //自定义通过token登录失败事件
//                .authenticationEntryPoint(goAuthenticationEntryPoint)
//                //自定义权限不足控制器
//                .accessDeniedHandler(jsonAccessDenieHandler)
//                .and()
//                .sessionManagement()
//                //同一个用户的最大session数量
//                .maximumSessions(1)
//                //达到最大session时是否阻止新的登录请求，默认为false，不阻止，新的登录会将老的登录失效掉
//                .maxSessionsPreventsLogin(false)
//                .and().and()
//                //关闭spring security默认的防CSRF攻击.原理是需要在每个页面中验证成功登录后创建的csrf token值.但是这种方式不适合前后端分离的开发
//                .csrf().disable()
//                //用自定义的token鉴权filter,代替spring security默认的鉴权filter
//                .addFilterBefore(new JwtAuthorizationTokenFilter(jwtTokenUtil, "token"), UsernamePasswordAuthenticationFilter.class)
//                //用重写的Filter替换掉原有的UsernamePasswordAuthenticationFilter
//                .addFilterAt(jsonUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
//
//    }
//
//    /**
//     * 注册自定义的UsernamePasswordAuthenticationFilter
//     */
//    @Bean
//    JsonUsernamePasswordAuthenticationFilter jsonUsernamePasswordAuthenticationFilter() throws Exception {
//        JsonUsernamePasswordAuthenticationFilter filter = new JsonUsernamePasswordAuthenticationFilter();
//        filter.setAuthenticationSuccessHandler(loginSuccessEnventHandler);
//        filter.setAuthenticationFailureHandler(loginFaildEnventHandler);
//        filter.setFilterProcessesUrl("/teacher/login");
//        //这句很关键，重用WebSecurityConfigurerAdapter配置的AuthenticationManager，不然要自己组装AuthenticationManager
//        filter.setAuthenticationManager(authenticationManagerBean());
//        return filter;
//    }
//
//    /**
//     * spring security推荐的密码加密工具
//     *
//     * @return
//     */
//    @Bean
//    PasswordEncoder getBCryptPasswordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
//
//    /**
//     * 添加权限控制器
//     * 使用spring security默认的
//     *
//     * @return
//     * @throws Exception
//     */
//    @Bean
//    @Override
//    protected AuthenticationManager authenticationManager() throws Exception {
//        return super.authenticationManager();
//    }
//
//    /**
//     * 注入用户和权限
//     *
//     * @param auth
//     * @throws Exception
//     */
//    @Autowired
//    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//        auth.userDetailsService(userDetailsService);
//    }
//}
//
